Ms Juan Infection


  • This topic is locked
2 replies to this topic

#1 reptone15

  • Members

Posted 10 May 2008 - 07:41 PM

Hello! My computer has recently started to slow down, and receive strange pop-up ads when I opened Internet Explorer, and I couldn't open some websites. After a bit of research, I got a copy of Malwarebytes' Anti-Malware and found out that I had the Virtumonde malware. After a lot of research, I removed it successfully with VundoFix. Just to be on the safe side, I ran MAM again and discovered that I had caught the MS Juan virus after the removal of Virtumonde. Virtumonde was the only malware it was detecting until I removed it, now it is MS Juan. I still get pop-ups, to a lesser extent though, and my computer is still running slower than usual. I can easily delete it from my registry, but it comes right back when I open Internet Explorer. The more sites I visit, it seems to gain extra file names such as MetaJuan, Superjuan and others, all in the MS Juan directory in the registry. I have been doing lots of research, and after reading all of the HijackThis solutions I have found that there is no one solution to the problem, as they are different from mine and the others. (Taking into account the different usernames and possible programs.) My system restore points go to the exact point after I caught Virtumonde. So I have decided to post a log of my own.

For some reason, the extra.txt did not open. I tried posting before and it turned out I had the wrong copy of HijackThis, so I got the new one, ran DSS, and I only got Main.txt this time.

Main.txt:

Deckard's System Scanner v20071014.68
Run by user on 2008-05-10 18:38:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:56 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\system32\rqRklIxY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C027AF7-C6E7-44A9-B643-A28A52491FE5} - C:\WINDOWS\system32\yayvUnMG.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {453f6258-7913-cfe9-34f4-ae0be1fc882b} - {b288cf1e-b0ea-4f43-9efc-31978526f354} - C:\WINDOWS\system32\kcoalqtv.dll
O2 - BHO: (no name) - {BAADA56E-A575-4E23-A55B-496E1F6200DD} - C:\WINDOWS\system32\hgGaXpPH.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {F16ED126-1F87-4629-B911-38189F91D1CB} - C:\WINDOWS\system32\geBstTlM.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O20 - Winlogon Notify: rqRklIxY - rqRklIxY.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7775 bytes

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 18:30:56 0 d-------- C:\Program Files\Trend Micro
2008-05-10 15:53:52 0 d-------- C:\Documents and Settings\user\Application Data\Cakewalk
2008-05-10 15:53:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Identities
2008-05-10 15:53:36 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-05-10 15:49:00 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX>
2008-05-10 15:48:21 0 d-------- C:\Program Files\Cakewalk
2008-05-10 15:48:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-05-10 15:48:21 0 d-------- C:\Cakewalk Projects
2008-05-09 14:21:30 0 d-------- C:\TEMP
2008-05-09 00:29:49 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-09 00:29:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 00:29:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 23:58:46 0 d-------- C:\VundoFix Backups
2008-05-08 23:15:30 0 d-------- C:\Documents and Settings\user\TEMP
2008-05-08 22:55:26 6317 --ahs---- C:\WINDOWS\system32\HPpXaGgh.ini2
2008-05-08 21:17:25 1037696 --ahs---- C:\WINDOWS\system32\MlTtsBeg.ini2
2008-05-08 15:20:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:19:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 14:02:06 105472 --a------ C:\WINDOWS\system32\kcoalqtv.dll
2008-05-08 13:59:09 2048 --a------ C:\WINDOWS\system32\wyjwnggo.exe
2008-05-08 13:34:42 0 d-------- C:\Program Files\Windows Defender
2008-05-08 11:51:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-08 11:51:13 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-05-08 11:51:06 0 d-------- C:\Program Files\Uniblue
2008-05-07 15:47:51 1053173 --ahs---- C:\WINDOWS\system32\GMnUvyay.ini2
2008-05-07 15:45:18 0 d-------- C:\Program Files\ASIO4ALL v2
2008-05-07 15:44:15 0 d-------- C:\Program Files\Outsim
2008-05-07 00:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-06 21:54:07 611840 --a------ C:\WINDOWS\system32\vobhw.dll <Not Verified; VOB Computersysteme GmbH; InstantCD+DVD>
2008-05-06 21:54:07 153088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2008-05-06 21:54:07 11264 --a------ C:\WINDOWS\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
2008-05-06 21:54:07 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2008-05-06 21:54:07 0 d-------- C:\Program Files\VOB
2008-05-06 21:04:36 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-05-06 21:03:59 0 d-------- C:\Program Files\Image-Line
2008-04-29 21:08:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-29 21:03:11 0 d-------- C:\Program Files\TmUnitedForever
2008-04-29 21:02:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-04-29 21:00:26 0 d-------- C:\Program Files\TrackMania United
2008-04-28 14:20:33 0 d-------- C:\Games
2008-04-27 14:37:16 0 d-------- C:\WINDOWS\Gish
2008-04-27 14:37:16 0 d-------- C:\Program Files\Gish
2008-04-27 13:18:42 0 d-------- C:\Program Files\OpenAL
2008-04-27 13:18:39 0 d-------- C:\Program Files\Gish demo
2008-04-22 21:09:45 0 d-------- C:\DOTT.CD
2008-04-22 21:06:37 0 d-------- C:\THROTTLE
2008-04-22 13:03:45 0 d-------- C:\NORMAL
2008-04-21 13:40:32 0 d-------- C:\Program Files\DOSBox-0.72
2008-04-20 18:48:09 0 d--h----- C:\WINDOWS\PIF
2008-04-13 13:55:43 0 d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-04-13 13:55:34 0 d-------- C:\Program Files\burnatonce
2008-04-13 13:36:22 0 d-------- C:\Program Files\winLAME
2008-04-12 11:23:17 0 d-------- C:\Program Files\MagicISO
2008-04-12 11:18:56 0 d-------- C:\Documents and Settings\user\Application Data\Leadertech
2008-04-12 01:36:15 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-04-12 01:32:53 0 d-------- C:\Program Files\Common Files\Nero
2008-04-12 01:31:45 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-04-12 01:31:45 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-04-12 01:31:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-12 01:31:40 0 d-------- C:\Program Files\Ahead


-- Find3M Report ---------------------------------------------------------------

2008-05-10 18:02:47 336 --a------ C:\WINDOWS\system32\tablet.dat
2008-05-10 18:02:43 0 --a------ C:\WINDOWS\TempFile
2008-05-10 17:55:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-09 16:29:55 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-09 00:53:40 0 d-------- C:\Program Files\Common Files
2008-05-06 21:52:21 0 d-------- C:\Program Files\Steinberg
2008-05-06 12:03:40 0 d-------- C:\Program Files\Zune
2008-05-02 12:28:59 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-02 00:05:42 0 d-------- C:\Documents and Settings\user\Application Data\Winamp
2008-04-20 22:16:43 0 d-------- C:\Documents and Settings\user\Application Data\mIRC
2008-04-20 21:49:22 0 d-------- C:\Program Files\mIRC
2008-04-12 01:35:02 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-10 22:45:35 0 d-------- C:\Program Files\Operation Cleaner 2
2008-04-09 19:56:17 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-09 19:56:11 88 -rahs---- C:\WINDOWS\system32\98F8850055.sys
2008-04-09 01:02:01 0 d-------- C:\Documents and Settings\user\Application Data\Corel
2008-04-09 00:58:50 0 d-------- C:\Program Files\Corel® Painter™ IX.5 TBYB EN
2008-04-09 00:56:47 0 d-------- C:\Program Files\Corel
2008-04-03 12:49:47 0 d-------- C:\Program Files\Phun
2008-04-03 00:17:19 0 d-------- C:\Documents and Settings\user\Application Data\gears
2008-04-02 17:17:40 0 d-------- C:\Program Files\Data Realms
2008-04-02 15:59:09 0 d-------- C:\Program Files\Java
2008-03-29 17:54:08 0 d-------- C:\Program Files\Bonjour
2008-03-29 17:54:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-29 17:49:14 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-28 11:19:19 0 d-------- C:\Program Files\Unity
2008-03-24 11:10:45 0 d-------- C:\Documents and Settings\user\Application Data\Sun
2008-03-24 11:09:34 0 d-------- C:\Program Files\Common Files\Java
2008-03-23 01:22:44 0 d-------- C:\Program Files\FlashFXP
2008-03-19 11:44:03 0 d-------- C:\Program Files\Winamp
2008-03-12 14:23:16 0 d-------- C:\Documents and Settings\user\Application Data\Mp3tag
2008-03-12 13:55:22 0 d-------- C:\Program Files\Mp3tag


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6584C510-924B-486A-A1A0-E380DE08C2DB}]
C:\WINDOWS\system32\rqRklIxY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C027AF7-C6E7-44A9-B643-A28A52491FE5}]
C:\WINDOWS\system32\yayvUnMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b288cf1e-b0ea-4f43-9efc-31978526f354}]
05/08/2008 02:02 PM 105472 --a------ C:\WINDOWS\system32\kcoalqtv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAADA56E-A575-4E23-A55B-496E1F6200DD}]
C:\WINDOWS\system32\hgGaXpPH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F16ED126-1F87-4629-B911-38189F91D1CB}]
C:\WINDOWS\system32\geBstTlM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/12/2007 02:33 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/11/2007 06:03 AM]
"nwiz"="nwiz.exe" [05/11/2007 06:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/11/2007 06:03 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [10/23/2005 12:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/2006 04:14 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 04:15 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 05:00 AM]
"SetDefaultMIDI"="MIDIDef.exe" [12/03/2002 05:16 PM C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [10/29/2007 11:31:16 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6584C510-924B-486A-A1A0-E380DE08C2DB}"= C:\WINDOWS\system32\rqRklIxY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRklIxY]
rqRklIxY.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaXpPH

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f90f5178-94be-11dc-9883-001a4d535f25}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-05-10 18:39:11 ------------

Edited by reptone15, 10 May 2008 - 07:45 PM.
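The log above shows the pattern a helper looks for in a Vundo-style infection: BHO and Winlogon Notify registrations that point at random-looking DLL names in system32, several of them already "(file missing)" after the VundoFix run. The following Python triage script is an added example, not code from the thread or from HijackThis/DSS; the six sample lines are copied from the log, and the random-name heuristic in looks_random is an assumption tuned on the names in this thread.

```python
import re

# Constructed sample: six lines in HijackThis v2.0.2 format, taken from the log
# in this thread (orphaned BHOs, a GUID-named BHO, a Winlogon Notify hook) plus
# two benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\system32\rqRklIxY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {453f6258-7913-cfe9-34f4-ae0be1fc882b} - {b288cf1e-b0ea-4f43-9efc-31978526f354} - C:\WINDOWS\system32\kcoalqtv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: rqRklIxY - rqRklIxY.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MODULE_RE = re.compile(r"([A-Za-z0-9_]+)\.(?:dll|exe)\b", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption, tuned on the names in this thread): eight
    letters, at least three capitals after the first character and at least
    three lower/upper switches. CamelCase product names such as TabUserW or
    PDVDServ meet only one of the two conditions and are not flagged."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    caps_after_first = sum(c.isupper() for c in stem[1:])
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return caps_after_first >= 3 and switches >= 3


def triage_line(line: str) -> list:
    """Return the reasons one HijackThis line deserves a closer look ([] if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    # A registration that survives after its DLL is gone is the typical leftover
    # of a partial cleanup; the hook comes back as soon as the dropper runs again.
    if "(file missing)" in body and kind in {"O2", "O20", "O21"}:
        reasons.append("registered component whose file is absent")
    if kind == "O2":
        bho = BHO_RE.match(body)
        if bho and (bho.group("name") == "(no name)" or GUID_RE.match(bho.group("name"))):
            reasons.append("BHO without a product name")
    for stem in MODULE_RE.findall(body):
        if looks_random(stem):
            reasons.append(f"random-looking module name {stem}")
    return reasons


def triage_log(text: str) -> list:
    """Pair every flagged line with its reasons, in log order."""
    flagged = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

On the sample it flags the two rqRklIxY entries and the GUID-named kcoalqtv BHO and leaves the Java, Google and NVIDIA entries alone; treat the output as a list of items to verify, not as a removal list.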


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • Gender:Female
  • Location:Belgium

Posted 11 May 2008 - 02:50 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • Gender:Female
  • Location:Belgium

Posted 20 May 2008 - 12:42 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
